Pentagon Seeks a New Generation of Hackers 134
Hugh Pickens writes "Forbes reports on a new military-funded program aimed at leveraging an untapped resource: the population of geeky high school and college students in the US. The Cyber Challenge will create three new national competitions for high school and college students intended to foster a young generation of cybersecurity researchers. 'The contests will test skills applicable to both government and private industry: attacking and defending digital targets, stealing data, and tracing how others have stolen it. [...] The Department of Defense's Cyber Crime Center will expand its Digital Forensics Challenge, a program it has run since 2006, to include high school and college participants, tasking them with problems like tracing digital intrusions and reconstructing incomplete data sources. In the most controversial move, the SANS Institute, an independent organization, plans to organize the Network Attack Competition, which challenges students to find and exploit vulnerabilities in software, compromise enemy systems and steal data. Talented entrants may be recruited for cyber training camps planned for summer 2010, nonprofit camps run by the military and funded in part by private companies, or internships at agencies including the National Security Agency, the Department of Energy or Carnegie Mellon's Computer Emergency Response Team.'"
Re:Foreigners?? (Score:3, Informative)
Literally any governmental or military job that involves dealing with classified information, requires you to be a US citizen. I imagine this would be no different.
Re:Cybersecurity (Score:2, Informative)
Isn't it funny that whenever there is talk about security it generally means the opposite?
Well, it makes sense. In order to defend a secure system/network, you must first know multiple ways to break into that secure system/network. Posers doing "IT security" jobs that don't know what they're doing are for sure going to drop the ball and get pwned.
Comment removed (Score:3, Informative)
Re:I have to say I'm a little frustrated.... (Score:3, Informative)
Re:This is hilarious! (Score:1, Informative)
It could be computers...or it could be stereo speakers.
You're a moron. No offense. We're not talking about the bullshit hacking that lifehackers do. The kind of hacking we're talking about is specifically breaking computer security. This involves exploits, buffer overflows, timing attacks, DNS poisoning, spoofing, shell code, etc, etc... All those things can most certainly be taught though mastering these topics, or any topic, requires practice and experience. There's nothing abstract about that.
Re:This is hilarious! (Score:4, Informative)
Things like this can be taught by books or professors.
You start off with ground work on information security, networking, and penetration testing. You learn how things are being protected, how known flaws were exploited in the past, and what traces were left behind.
It's the same steps as being a programmer. The great ones love it, understand it, and spend their free time doing it. The average ones just tread where the great ones have gone before.
sans.org (Score:2, Informative)
Re:A recruiting aid for unclearable personnel (Score:3, Informative)
The purpose of the polygraph isn't to find out if you are lily-white. It is largely to determine if you can be blackmailed. If you are truthful about your "indiscretions", you can't be blackmailed. On the other hand, someone who is willing to lie on a polygraph clearly has some shame issues that could be exploited by a hostile agent. Obviously, admitting to a felony or intent to subvert the government isn't going to get you anywhere.
Re:Culture vs Goals (Score:3, Informative)
You're forgetting a few details:
First, there's military contractors to work for, which have a more 'pleasant' attitude. On top of that, the DoD folks in this area aren't exactly your normal "grunt".
Second, the level of challenges are going to be extremely high. You're not trying to break in to some web server set up by a marginally-competent IT guy. You're working against (and with) the best on the planet.
Third, you put a few years in at the DoD, and you come out with a security clearance and very attractive resume. If you decide you don't want to keep working for the DoD, you can make a lot more money than if you only did your hacking 'on the side' while writing database apps.
Fourth, no jail time. "Pwn" servers all day, and if they somehow trace it back to you, you don't spend a few years being Bubba's special friend.
Lastly, you're seeing so many "hacker recruiting" programs because there's metric craploads of money being thrown at anything "Cyberwarfare".
Re:Foreigners?? (Score:2, Informative)
Hoglund / Butler - Rootkits
Aitel / Eren (Hi Sinan!) / et al - The Shellcoder's Handbook
McClur - Hacking Exposed
Dowd / et al - The Art of Software Security Assessment
Szor - The Art of Computer Virus Research and Defense
Oh, and the vast majority of exploits target one form of buffer overflow or another. Stack based, heap based... learn your buffer overflows and you're in the door.